Zoom’s chief executive admits to security flaws but vows to win back users’ trust

Videoconferencing events have been invaded by the practice of ‘Zoombombing’ where hackers enter codes to disrupt online meetings

Zoom Video's chief executive Eric Yuan takes part in the Nasdaq bell-ringing ceremony after his company's IPO in New York in April, last year. AP
Powered by automated translation

Zoom Video’s chief executive said he “messed up” in running a service that has been easily hacked, attracting scrutiny from regulators and privacy advocates as well as unwanted lawsuits.

"I really messed up as chief executive and we need to win their [users'] trust back. This kind of thing shouldn't have happened … if we mess up again, it's done," Eric Yuan said in an interview with The Wall Street Journal.

He said end-to-end encryption to secure conversations was on the cards, but a "full-encryption feature won't be ready for a few months".

The videoconferencing app has had a huge increase in users over the past two months as hundreds of millions of people are confined to their homes to prevent the spread of the coronavirus outbreak.

From enabling business conferences, client meetings and training webinars, Zoom Video is also used for virtual school lessons, salsa classes, yoga sessions, college reunion parties and dinner gatherings.

But the practice of "Zoombombing" has presented a problem –  entering others' meetings and then sharing hate speech or pornographic images.

“I thought I was letting our users down … I feel an obligation to win the users’ trust back,” said Mr Yuan.

Partly propelled by Zoombombing incidents, the FBI issued a warning about videoconference hijacking last week.

Dance instructor Anneliese Suda teaches a pre-teen junior company ballet class through Zoom at Sierra Madre Dance Center, which is closed during the global outbreak of the coronavirus disease (COVID-19), in Sierra Madre, California, U.S., April 1, 2020. REUTERS/Mario Anzuoni
A dance instructor conducting a ballet class through Zoom in California. Reuters

Zoom, which was floated in April 2019, said that the offices of more than 25 attorneys general in the United States had raised questions about privacy issues and it is working with the authorities.

A user also filed a lawsuit claiming that the site had disclosed personal information without his permission.

The current number of daily meeting users across Zoom’s paid and free services has surged to 200 million, from around 10 million in December.

Its shares have more than doubled since January and its market capitalisation stands at $40.3 billion (Dh147.9bn).

For the past few weeks, supporting this influx of users has been a “tremendous undertaking and our sole focus”, Mr Yuan said in the company’s latest blog.

“However, we recognise that we have fallen short of the community’s – and our own – privacy and security expectations.”

On Friday, security researchers at University of Toronto's Citizen Lab said the company used inferior encryption technology, routed some calls made in North America through China and, in some cases, stored data on servers in the world's second-largest economy.

Zoom said it has taken steps to address the concerns.

“In our urgency to come to the aid of people, we added server capacity and deployed it quickly," it said.

"In that process, we failed to fully implement our usual geofencing best practices.”